How to Fix the Device Status “Pending” in Azure


The solution as documented by Microsoft is to run dsregcmd /leave, which triggers the deletion of the pending AAD devices. Then, after a reboot of the machine, run dsregcmd /join (or wait for the scheduled task to do this automatically, on the condition that the logged-on user is an admin) and the device will be rejoined to AAD. I noticed this only works after AAD Connect has created the device through another sync cycle.

This problem can occur in the following scenario:

  1. The device object is moved to another organizational unit (OU) that isn’t in the sync scope in Microsoft Entra Connect Sync.
  2. Microsoft Entra Connect Sync recognizes this change as the device object being deleted in the on-premises Active Directory. Therefore, it deletes the device in Microsoft Entra ID.
  3. The device object is moved back to the OU in the sync scope.
  4. Microsoft Entra Connect Sync creates a pending device object for this device in Microsoft Entra ID.
  5. The device fails to complete the device registration process because it was registered previously.

To fix the problem, unregister the device by running dsregcmd /leave at an elevated command prompt, and restart the device. The device will reinitiate the device registration process through the scheduled task. For Windows 10-based devices, the scheduled task is under Task Scheduler Library > Microsoft > Windows > Workplace Join > Automatic-Device-Join Task.
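One way to confirm the outcome after the restart, as an added example that is not part of Microsoft's article: the script parses the output of dsregcmd /status and reports whether registration has completed. The function names ConvertFrom-DsregStatus and Get-JoinVerdict are hypothetical, and the two sample outputs (including the CONTOSO domain name) are constructed and abbreviated.

```powershell
# Added example: interpret `dsregcmd /status` after the /leave + restart cycle.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Data lines look like "   AzureAdJoined : YES"; banner lines start with + or |.
        if ($line -match '^\s*(?<key>[^:|+]+?)\s*:\s*(?<value>.+?)\s*$') {
            $state[$Matches['key']] = $Matches['value']
        }
    }
    $state
}

function Get-JoinVerdict {
    param([hashtable]$State)
    $domain = $State['DomainJoined']  -eq 'YES'
    $entra  = $State['AzureAdJoined'] -eq 'YES'
    if ($domain -and $entra) { return 'Hybrid joined: registration completed' }
    if ($domain)             { return 'Domain joined only: registration not completed yet' }
    if ($entra)              { return 'Entra joined only: not a hybrid device' }
    'Not joined'
}

# Constructed sample output (abbreviated), not captured from a real machine.
$afterLeave = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split '\r?\n'

# Same constructed output once the Automatic-Device-Join task has succeeded.
$afterTask = $afterLeave -replace 'AzureAdJoined : NO', 'AzureAdJoined : YES'

'After dsregcmd /leave : ' + (Get-JoinVerdict (ConvertFrom-DsregStatus $afterLeave))
'After scheduled task  : ' + (Get-JoinVerdict (ConvertFrom-DsregStatus $afterTask))

# On the device itself, feed in the live output instead of the samples:
# Get-JoinVerdict (ConvertFrom-DsregStatus (dsregcmd /status))
```

If the verdict stays at "Domain joined only" after the restart, the scheduled task has not yet completed registration.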

Get a list of pending devices

  1. The Microsoft Graph PowerShell SDK must be installed to execute Microsoft Graph PowerShell commands.
  2. Use the Connect-MgGraph command to sign in to your Microsoft Entra tenant. For more information, see Get started with the Microsoft Graph PowerShell SDK.
  3. Count all pending devices:

     (Get-MgDevice -All -Filter "TrustType eq 'ServerAd'" | Where-Object{($_.ProfileType -ne "RegisteredDevice") -and (-not $_.AlternativeSecurityIds)}).count

     You can also save the returned data in a CSV file:

     Get-MgDevice -All -Filter "TrustType eq 'ServerAd'" | Where-Object{($_.ProfileType -ne "Register

Link: https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/dir-dmns-obj/pending-devices#the-state-of-a-registered-device-is-changed-to-pending
